Security firm Beosin: BSC ecosystem protocol Atlantis Loans has been attacked, resulting in a loss of approximately $1 million.

According to monitoring by security firm Beosin, the Atlantis Loans protocol in the BSC ecosystem was hit by a governance attack. The attacker gained control over the contract and replaced it with a contract containing a backdoor function to transfer user assets. The current loss is around 1 million USD. On June 7, 2023, the attacker created a malicious governance proposal in the GovernorBravo contract that set the administrators of multiple ABep20Delegator contracts to the malicious contract. The attacker then voted to pass the proposal. The GovernorBravo contract only checked the eta parameter (unlock time) when placing the proposal in the queue, allowing the attacker to execute the proposal after the lockout period. After the lockout period, the malicious contract was set as the proxy contract administrator for all tokens. Then, the attacker changed the implementation address of ABep20Delegate to the contract containing the backdoor.
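
A defender-side check for the pattern described above, as an added example that is not Beosin's or Atlantis Loans' code: it triages the actions of a GovernorBravo-style proposal for admin or implementation changes on watched proxy contracts, so they can be caught while the proposal is still queued. The Compound-style function signatures and proposal field layout are assumptions about this fork, and every address and record is a constructed sample.

```python
# Assumptions: Compound-style GovernorBravo proposal layout and admin function
# signatures; every address and proposal record below is constructed.
PRIVILEGED_SIGS = {
    "_setPendingAdmin(address)": "admin handover",
    "_setImplementation(address,bool,bytes)": "implementation swap",
}

def first_address_arg(calldata_hex):
    """First ABI word of the arguments as an address, or None if it is not one."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    try:
        data = bytes.fromhex(raw)
    except ValueError:
        return None
    if len(data) < 32 or any(data[:12]):  # short input or non-zero padding
        return None
    return "0x" + data[12:32].hex()

def review_proposal(proposal, watched, trusted):
    """One finding per action touching admin/implementation of a watched contract."""
    targets, sigs, datas = proposal["targets"], proposal["signatures"], proposal["calldatas"]
    if not (len(targets) == len(sigs) == len(datas)):
        return [{"proposal": proposal["id"], "index": None, "issue": "mismatched action lists"}]
    findings = []
    for i, (target, sig, data) in enumerate(zip(targets, sigs, datas)):
        if target.lower() not in watched:
            continue
        if sig == "":  # raw calldata, no declared signature: needs manual decoding
            issue = "opaque call on watched contract"
        elif sig in PRIVILEGED_SIGS:
            new_addr = first_address_arg(data)
            if new_addr in trusted:
                continue
            issue = f"{PRIVILEGED_SIGS[sig]} to untrusted {new_addr}"
        else:
            continue
        findings.append({"proposal": proposal["id"], "index": i, "issue": issue})
    return findings

def addr(n):   # constructed 20-byte address
    return "0x" + format(n, "040x")

def word(a):   # ABI-encode a single address argument
    return "0x" + a[2:].rjust(64, "0")

WATCHED = {addr(0xA1), addr(0xA2)}  # constructed market proxy addresses
TRUSTED = {addr(0x71)}              # constructed legitimate admin (timelock)
SAMPLE = {"id": 1, "targets": [addr(0xA1), addr(0xA2), addr(0xC3)],
          "signatures": ["_setPendingAdmin(address)", "", "_setPendingAdmin(address)"],
          "calldatas": [word(addr(0xBAD)), "0xdeadbeef", word(addr(0xBAD))]}
```

Run `review_proposal` on each proposal as it is created and again when it is queued, and alert on any finding before the unlock time passes.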